Public bug reported:
Please sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian
unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: arbitrary file overwrite via poison null byte
- debian/patches/CVE-2013-2186.patch: properly validate repository in
src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
- CVE-2013-2186
Debian has merged Ubuntu changes.
Changelog entries since current trusty version 1.3-2ubuntu1:
libcommons-fileupload-java (1.3-2.1) unstable; urgency=low
* Non-maintainer upload.
* Add CVE-2013-2186.patch patch.
CVE-2013-2186: Arbitrary file upload via deserialization. Properly
validate repository in
src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java.
Thanks to Marc Deslauriers <marc.deslauri...@ubuntu.com> for
providing the debdiff. (Closes: #726601)
-- Salvatore Bonaccorso <car...@debian.org> Fri, 15 Nov 2013 15:04:17
+0100
** Affects: libcommons-fileupload-java (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libcommons-fileupload-java in
Ubuntu.
https://bugs.launchpad.net/bugs/1253847
Title:
Sync libcommons-fileupload-java 1.3-2.1 (universe) from Debian
unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcommons-fileupload-java/+bug/1253847/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
